Good morning, Shenzhen! This is the third day of #IETF125 https://www.ietf.org/meeting/125/ We are preparing the future Internet technical standards.
Today, for me, dnsop (#DNS stuff), aipref (preferences for AI crawlers) and rpp (domain registration protocol).
https://datatracker.ietf.org/doc/draft-ietf-dnsop-delegation-mgmt-via-ddns/ : alternative to CSYNC/CDS to update NS/DS at the parent from the child, by sending a signed dynamic update https://github.com/johanix/tdns
https://datatracker.ietf.org/doc/draft-fujiwara-dnsop-ranking-data/ : tightening the definition of trusted data in the DNS. Don't believe blindly everything you obtained from other servers! (Mostly, but not only, useful for non-signed zones.)
Delegation information (i.e. the NS RRset, possible glue, possible DS records) should always be kept in sync between child zone and parent zone. However, in practice that is not always the case. When the delegation information is not in sync the child zone is usually working fine, but without the amount of redundancy that the zone owner likely expects to have. Hence, should any further problems ensue it could have catastrophic consequences. The DNS name space has lived with this problem for decades and it never goes away. Or, rather, it will never go away until a fully automated mechanism for how to keep the information in sync automatically is deployed. This document proposes such a mechanism based on DNS Dynamic Updates (DDNS) secured with SIG(0) signatures, sent from the child to the parent across the zone cut. The target of the update is discovered via the DSYNC record defined in [RFC9859]. TO BE REMOVED: This document is being collaborated on in Github at: https://github.com/johanix/draft-ietf-dnsop-delegation-mgmt-via-ddns (https://github.com/johanix/draft-ietf-dnsop-delegation-mgmt-via- ddns). The most recent working version of the document, open issues, etc, should all be available there. The authors (gratefully) accept pull requests.
Stéphane Bortzmeyer